Supervisord is a Python-based process control system used to manage backend applications (services). It can expose a web interface and an XML-RPC API over HTTP, by default on port 9001, through which the supervised processes are started, stopped and inspected.
An authenticated remote command execution vulnerability (CVE-2017-11610) has been disclosed in Supervisord. An attacker who can reach the management interface and pass its authentication (credentials are optional when the HTTP server is enabled, so many deployments have none) can send a crafted XML-RPC POST request and execute arbitrary commands with the privileges of the supervisord process, which is frequently root. This is a serious security risk.
See the following for more information about the vulnerability.
Supervisord remote command execution vulnerability
Attackers can send crafted XML-RPC data in a POST request to the Supervisord management interface and execute arbitrary commands on the server.
Conditions and method of exploitation
Conditions of exploitation:
- Supervisord is an affected release: 3.0a1 through 3.3.2, excluding the patched 3.0.1, 3.1.4 and 3.2.4 releases (3.1.2 and 3.3.2 are both affected).
- The management port (9001 by default) can be reached from the Internet or from an untrusted network.
- Supervisord has no RPC username and password configured, or uses a weak password.
Method of exploitation: remote, over the HTTP/XML-RPC management interface.
Affected versions:
- Supervisord 3.0a1 through 3.3.2, including 3.1.2 and 3.3.2
Fixed versions:
- Supervisord 3.3.3, and the backported fixes 3.2.4, 3.1.4 and 3.0.1
Check whether an affected version of Supervisord is installed. `supervisord --version` prints the running release; `pip show supervisor` prints the release installed from PyPI.
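The following is an added example, not part of the original advisory or of the Supervisor project, showing how to classify an installed release against the affected and fixed versions listed above. It parses the plain version string that `supervisord --version` prints, or the `Version:` line of `pip show supervisor` output; the sample strings in the comments are constructed.

```python
import re
import subprocess

# Fixed releases for CVE-2017-11610: 3.0a1 through 3.3.2 are affected, and the
# fix shipped in 3.0.1, 3.1.4, 3.2.4 and 3.3.3. Branches after 3.3 were never
# affected.
FIXED_IN = {
    (3, 0): (3, 0, 1),
    (3, 1): (3, 1, 4),
    (3, 2): (3, 2, 4),
    (3, 3): (3, 3, 3),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(a|b|rc)(\d+))?$")


def parse_version(text):
    """Turn '3.3.2', '3.0a1' or '4.2.5' into a comparable tuple.

    The tuple is (major, minor, patch, is_final, prerelease_number), so that a
    pre-release such as 3.0a1 sorts before the final 3.0 (3.0.0), which in
    turn sorts before the patched 3.0.1.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised supervisor version: %r" % text)
    major, minor, patch, pre_tag, pre_num = m.groups()
    return (int(major), int(minor), int(patch or 0),
            0 if pre_tag else 1, int(pre_num or 0))


def is_affected(version_text):
    """Return True if this Supervisor release is vulnerable to CVE-2017-11610."""
    v = parse_version(version_text)
    major, minor = v[0], v[1]
    if major != 3:
        # 2.x predates the advisory's range; 4.x shipped after the fix.
        return False
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        # 3.4 and later were released after the fix.
        return False
    return v < fixed + (1, 0)  # the fix is always a final release


def version_from_output(text):
    """Extract the release from `supervisord --version` output (just '3.3.2')
    or from `pip show supervisor` output ('Version: 3.3.2' on its own line)."""
    m = re.search(r"(?im)^(?:Version:\s*)?(\d+\.\d+(?:\.\d+)?(?:(?:a|b|rc)\d+)?)\s*$", text)
    if not m:
        raise ValueError("no version found in output")
    return m.group(1)


if __name__ == "__main__":
    # Query the installed binary; on a host without supervisord this just reports so.
    try:
        out = subprocess.run(["supervisord", "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print("could not run supervisord --version:", exc)
    else:
        ver = version_from_output(out)
        print(ver, "AFFECTED by CVE-2017-11610" if is_affected(ver) else "not affected")
```

A release is flagged only when it is older than the patched release of its own branch, so 3.1.4 is treated as fixed even though it is older than the affected 3.3.2.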
How to fix or mitigate
Follow these steps to fix the vulnerability:
If Supervisord is not needed, we recommend that you stop and uninstall it. In addition, check the server for unexpected processes or accounts, because an instance that was exposed with the vulnerable version may already have been abused.
If Supervisord is needed, upgrade it to 3.3.3 or later (or to the patched release of your branch: 3.2.4, 3.1.4 or 3.0.1), reinstalling if your package source does not offer the upgrade. Create a snapshot or data backup before changing the installation.
This vulnerability is reached through the management port (9001 by default) that Supervisord listens on. Configure an ECS security group policy that blocks inbound access to port 9001 from the Internet and from any intranet segments that do not need it. Better still, bind the listener to the loopback address (port = 127.0.0.1:9001 in the [inet_http_server] section) or use the [unix_http_server] socket instead, so that the interface is not reachable over the network at all. A firewall rule alone does not protect against an attacker who is already inside the permitted network.
Configure a username and a strong password for RPC logon in the [inet_http_server] section of supervisord.conf. We recommend that the password contain more than 8 characters, including upper-case and lower-case letters, numbers, and special characters. Because the vulnerability is exploitable by any authenticated user, the password limits who can reach the flaw but is not a substitute for upgrading.
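The following is an added example, not part of the original advisory or of the Supervisor project, that checks a supervisord.conf for the exposure conditions described in the steps above: a listener bound to all interfaces, missing credentials, a password that does not meet the policy, and a unix socket readable by other users. The two embedded configurations are constructed samples (the weak one as commonly deployed, the hardened one as recommended); the password value in the hardened sample is a placeholder.

```python
import configparser
import re
import sys

# Constructed sample: the exposed configuration the advisory describes.
# "*:9001" listens on every interface and there are no credentials, so anyone
# who can reach TCP/9001 gets the XML-RPC endpoint.
WEAK_CONF = """
[inet_http_server]
port = *:9001

[supervisord]
logfile = /var/log/supervisord.log

[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
"""

# Constructed sample: loopback-only listener with credentials (placeholder
# password), plus a unix socket restricted to its owner for local supervisorctl.
HARDENED_CONF = """
[inet_http_server]
port = 127.0.0.1:9001
username = admin
password = n0t-the-Default!9

[unix_http_server]
file = /var/run/supervisor.sock
chmod = 0700

[supervisord]
logfile = /var/log/supervisord.log
"""

# Host parts that make supervisord listen on all interfaces (":9001" and a bare
# "9001" are the same as "*:9001").
WILDCARD_HOSTS = {"", "*", "0.0.0.0", "::", "[::]"}


def password_is_weak(pw):
    """Apply the policy above: more than 8 characters and mixed character classes."""
    if pw.startswith("{SHA}"):
        return False  # hashed value; length and complexity cannot be checked here
    classes = [re.search(r"[A-Z]", pw), re.search(r"[a-z]", pw),
               re.search(r"\d", pw), re.search(r"[^A-Za-z0-9]", pw)]
    return len(pw) <= 8 or sum(1 for c in classes if c) < 3


def audit_config(text):
    """Return a list of findings for a supervisord.conf; an empty list means clean."""
    # RawConfigParser: supervisord.conf uses %(here)s-style values that would
    # trip configparser's own interpolation.
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    findings = []
    if cp.has_section("inet_http_server"):
        port = cp.get("inet_http_server", "port", fallback="")
        host = port.rsplit(":", 1)[0] if ":" in port else ""
        if host in WILDCARD_HOSTS:
            findings.append("inet_http_server listens on all interfaces (port = %s)" % port)
        user = cp.get("inet_http_server", "username", fallback="")
        pw = cp.get("inet_http_server", "password", fallback="")
        if not user or not pw:
            findings.append("inet_http_server has no username/password: unauthenticated RPC")
        elif password_is_weak(pw):
            findings.append("inet_http_server password does not meet the policy")
    if cp.has_section("unix_http_server"):
        chmod = cp.get("unix_http_server", "chmod", fallback="0700")
        if int(chmod, 8) & 0o077:
            findings.append("unix_http_server socket is accessible to other users (chmod = %s)" % chmod)
    return findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/supervisord.conf"
    with open(path) as fh:
        for finding in audit_config(fh.read()) or ["no findings"]:
            print(finding)
```

Run it against the live file (`python audit.py /etc/supervisord.conf`); the weak sample produces two findings and the hardened sample none. The check is a configuration review only: a clean result does not mean the binary itself is patched.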